C++ XOR crypt vs. PHP XOR crypt


TedCopple

I am trying to send a XOR encrypted string through C++ to a php script and then re-XOR it on the php side to get the original string, however the XOR func I have tried on the php side outputs a different string than the C++ side does.

 

XOR the string this in C++ output = LPQK

XOR the string this in php output = A]\F

 

I am using the same key for both sides. 

 

C++

key=56

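#include <cstring>  // strlen

// XOR every byte of the NUL-terminated string in place with the integer key
void encfunc(char* input, int key)
{
    int strLen = strlen(input);
    for(int i=0; i<strLen; i++)
    {
        input[i] = input[i] ^ key;
    }
}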

 

php

key=56

for($i=0;$i<strlen($User);$i++)
{
         $outText .= $User{$i} ^ $key;
}

 

 

 

Link to comment
Share on other sites

I really don't know C++ well but the differences seem to be that in your PHP example you have to concatenate the string, whereas on C++ you change the character independently.

 

To try to mimic this in PHP you could try:

for($i=0;$i<strlen($User);$i++)
{
	$XOR = $User{$i} ^ $key;

        $startString = substr($User, 0, $i);
        $endString = substr($User, $i + 1, (strlen($User) - $i) - 1);
	$User = $startString.$XOR.$endstring;
}

 

Also, try a simple XOR, one character, in each program:

 

c++

int key = 10;
char input = 'g';      // a single char, so ^ operates on its ASCII value
input = input ^ key;

 

php

$key = 10;
$input = "g";
$input =$input ^ $key;

 

Also check out http://php.net/manual/en/language.operators.bitwise.php

 

hope this helps,

Good luck

Link to comment
Share on other sites

Don't forget to post your findings it could be useful to someone else ;).

 

so far the function you posted isn't working.  it only processes the first character,  and it seems it was the same thing as mine did.

 

I did a simple XOR in C++ on the capital letter "A"  output = y Lowercase Y.

 

in php these had the following effects:

 

Output = t

<?
$toxor = 'A';
//$out = "";
$key = '56';
for($i=0;$i<strlen($toxor);$i++)
{
     $out = $toxor{$i} ^ '56';
     echo $out;
     }
?>

 

output = *

<?
$toxor = 'A';
//$out = "";
$key = '56';
for($i=0;$i<strlen($toxor);$i++)
{
     $out = $toxor{$i} ^ key;
     echo $out;
     }
?>

Link to comment
Share on other sites

Can you give us some more information,

 

The original string would be nice so we can try to replicate the c++ results in our own php environment.

Also check if the variables $User is the same in each program and that $key is the same type (PHP String vs Integer).

 

The difference was the key(as you mentioned).  I am using an int key in my C++ XOR func,  I changed the key in the php script from 56 to 87 and now the results match up even though the key being used in C++ is 56.

 

I suppose I will try to change to a string key in C++ and see if I can use the same exact key for both.

 

What more information would you like?  The original string was actually my name,  I am making a simple login system in my C++ application,  but I don't want to make it too easy for people to spoof login info,  and when using HTTP wininet funcs in C++ the strings sent to the server are easily available in an HTTP packet sniffer.  I just want to be able to do a simple XOR operation on my sent data strings when sending data out,  convert the string back to normal in the php script,  check the data against the db entries,  re-XOR the data and send it back.  Then un-XOR it again and check it against data in my C++ app.

 

I posted the C++ code and the php func I am now using looks like this:

 

OUTPUT = QLKYMK]JVYU]  -> matches my C++ output exactly which is using int key = 56 as the key.

<?
$toxor = 'itsausername';
//$out = "";
$key = '56';
for($i=0;$i<strlen($toxor);$i++)
{
     $out = $toxor{$i} ^ "87";
     echo $out;
     }

?>

Link to comment
Share on other sites

It is as I expected - PHP's different approach to "Characters" and "Strings":

 

For example;

 

The ASCII id of A is 65:

PHP: A is stored as a literal character rather than a number
C++: A is stored as its ASCII id

 

Results:

PHP: "A" (the string) XOR "56" (also string) - note php cannot XOR between different variable types (int+string).
C++ "65" (integer) XOR "56" (also integer)

 

Simple Demonstration:

 

C++ Mimic:

<?php
$User = ord('A'); // ord() gets the ASCII id of this character
$key = 56;
echo "Result Integer: ".($User ^ $key). "Character: ".chr($User ^ $key);

 

PHP Native:

<?php
$User = 'A';
$key = '56';
echo "Result: ".($User ^ $key);

 

hope this helps

Link to comment
Share on other sites

Also, I had a bug in my code I gave you - a logic error :P.

Here it is in its C++ mimic glory :P

 

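<?php
$User = 'itsausername';
$key = 56;

// XOR each byte's ASCII value with the integer key, as the C++ loop does
for($i=0;$i<strlen($User);$i++) {
    // $User[$i] replaces the $User{$i} offset syntax, which PHP 8 no longer accepts
    $User = substr($User, 0, $i).chr(ord($User[$i]) ^ $key).substr($User, $i + 1, (strlen($User) - ($i + 1)));
}

echo($User);
?>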

 

hope this helps

Link to comment
Share on other sites


Alright,  thanks again for your efforts.  Very helpful.

Link to comment
Share on other sites

One last thing,  if I do this:

 

for($i=0;$i<strlen($User);$i++)

{

    $out = $User{$i} ^ "87";

    echo $out;  <------------ outputs the entire decrypted string.

}

echo $out;  <------- Outputs only the last letter.

 

Never mind, put it in a func that echos it and now it's working properly.

 

 

Link to comment
Share on other sites

Ok,  you were right.  This works.

 

Wonder why my function didn't work though.

 

for($i=0;$i<strlen($tobXORd);$i++)
{
     $toxor .= $tobXORd{$i} ^ "87";
}
echo $toxor;

 

 

function dec($User){
for($i=0;$i<strlen($User);$i++)
{
     $theuser = $User{$i} ^ "87";
     echo $theuser;  --->  Outputs entire encrypted string.
}
}
$out = dec($user);  -----> Outputs first letter only
echo $out;

 

I tried $theuser .= as well,  the call to the function to fill $out only gives $out the first letter.

Link to comment
Share on other sites


Sorry, my example of my function was bad too. When using the function I actually had it set up with a return.

 

function dec($User){
for($i=0;$i<strlen($User);$i++)
{
     $theuser = $User{$i} ^ "87";
     return $theuser; 
}
}
$out = dec($user);  -----> Outputs first letter only
echo $out;

 

Link to comment
Share on other sites

alright..still having issues.

 

Using my xor func and the one you posted above.  What happens is it works fine for some strings.  However some strings it botches.  One of the strings it skips a single character,  and the other string it duplicates a few characters,  another string it works perfectly fine.

Link to comment
Share on other sites

Can anybody help me figure out why the xor functions are not matching perfectly?

 

if I send my name encrypted to the server, the php script outputs it perfectly via its decryption.

 

However if I send my name or a password containing numbers/letters, it botches it somehow.  It will either remove a character,  or duplicate characters.

Link to comment
Share on other sites
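Added example (not part of the original thread and not any poster's code): a C++ sketch of the two behaviours discussed above. It models why `'A' ^ "56"` in PHP gives `t` while `"87"` matches the C++ key 56, and shows that key 56 turns the digit `8` into a NUL byte and the other digits into control bytes, which C-string and unencoded HTTP handling do not carry intact. The function names, the sample string `pass8word` and the hex transport encoding are assumptions introduced here.

```cpp
#include <cstdint>
#include <cstring>
#include <string>

// What the C++ client does: XOR every byte with the integer key.
// std::string carries the length explicitly, so no strlen() is involved.
std::string xor_bytes(const std::string& in, uint8_t key) {
    std::string out = in;
    for (char& c : out) c = static_cast<char>(static_cast<uint8_t>(c) ^ key);
    return out;
}

// Model of PHP's `$char ^ "56"`: both operands are strings, so PHP XORs
// byte against byte and stops at the shorter operand. With a one-character
// left operand only the FIRST byte of the key string is ever used.
char php_char_xor_string(char c, const std::string& key) {
    return static_cast<char>(static_cast<uint8_t>(c) ^
                             static_cast<uint8_t>(key[0]));
}

// Hex-encode for transport so NUL and control bytes survive (assumption:
// the receiving script hex-decodes before XORing back).
std::string to_hex(const std::string& in) {
    static const char* digits = "0123456789abcdef";
    std::string out;
    for (unsigned char b : in) {
        out += digits[b >> 4];
        out += digits[b & 0x0f];
    }
    return out;
}

// Length that a C-string API (strlen, "%s", a char* HTTP parameter) sees.
size_t c_string_length(const std::string& buf) {
    return std::strlen(buf.c_str());
}

int main() {
    std::string enc = xor_bytes("pass8word", 56);  // constructed sample input
    // enc holds 9 bytes, but '8' ^ 56 == 0, so C-string handling sees only 4.
    return (enc.size() == 9 && c_string_length(enc) == 4) ? 0 : 1;
}
```

A one-byte XOR key gives no confidentiality against someone reading the traffic, whatever the encoding; sending the login over HTTPS is what addresses the packet-sniffer concern raised in the thread.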
